After having a quite depressing discussion about how Tor will evolve in Germany considering the data retention laws, I met a guy on IRC who told me about his new really cool project.

Camilo Viecco, who’s just doing his PhD in CS at the Indiana University, developed a naive UDP-implementation of the anonymisation-principle known as onion-routing from scratch. It’s far from perfect and it wouldn’t meld with the Tor-code easily, but it’s a first approach to improve latency for anon-services.

Tdor is an anonymisation-software to be installed on your local PC. It enables you to use the internet anonymously by configuring tdor as a proxy in your webbrowser. By using this software, no one can find out your IP-address, effectively resulting in an obfuscation of your identity.

What’s different about this project compared to regular anonymisation-systems is that tdor is using UDP instead of TCP, dramatically improving the well-known latency you suffer off when you’re using regular TCP-based anon-systems.

The project didn’t even release it’s first alpha-version, but the version I tested was usable and quite fast. I couldn’t make a difference of regular internet-connections and Internet over tdor.

Though where’s light, there’re shadows: The whole tdor-network only uses six nodes at the moment. It’s not meant to be used for real productive use, it’s only for testing – though it works cool!

At the moment the whole project consists of just a handful of people, but I bet Camilo appreciates any help he can get.

So. If you wanna participate in a really cool fancy brand-new cutting-edge anonymisation technology, grab the sources, compile it, run it and report bugs and issues!

Ever since I migrated to Fedora Cora 8 I was really disappointed that Firefox-Profiles stopped working as I was used to them in Debian. I used different Firefox-profiles to run concurrent instances with other settings – like “regular web-surfing”, “Tor”, “English proxy for BBC iPlayer”, “test-this-random-plugin”.

But not with Fedora. I tried debugging the script, found a multitude of bug-reports against that, with now results.

Today dr|z3d from #tor pointed me to the correct answer: You have to apply the “-no-remote”-command to Firefox to get it working. Unfortunately, this option isn’t mentioned in the manual page to Firefox on Fedora Core 8.

So, if you want to get multiple profiles running: Add a -no-remote to the command-line. That should do the trick.

Update: Included another link to the Video. Thanks, Renke!
Just back from 24C3 where I attended Roger Dingledine’s talk about Tor’s further development plans (Torrent to Matroska-Video: Mirror #1, Mirror #2). He also presented the new development-version of Torbutton which is finally usable. The old Torbutton-plugin had several problems: It had the problem that it presented cookies, history and saved passwords from non-Tor-sessions to Tor-sessions which severely spoiled your privacy; the new development-version of Torbutton has a dedicated cookie-jar for Tor-sessionsand lot’s of other features:

So if you press the Torbutton, it totally isolates all the other non-Tor-sessions (though I don’t recommend to use those tabs), improving your privacy. Before this new plugin was available, I used a separated Firefox-profile to use Tor – not needed anymore with Torbutton.

The German Privacy Foundation was finally officially established. The GPF thinks everyone has the right for privacy and anonymous communication. Anonymity is one of the fundamental basics to privacy and support human- and citizen’s rights.

It’s goals are to inform and educate about safe communication on the internet, supporting and organising tutorialsfor citizen about those topics.

The GPF is supporting and endorsing the development and deployment of anonymous infrastructure.

The Privacy Legal Fund (Germany) is a yet-to-be-founded organisation which will help voluntary operators of anonymisation-services like JAP, Tor, Mixmaster, Entropy, Freenet et al. with their problems with the Feds.

Much like the GPF, they want to promote the useage of privacy-enhancing internet-tools, but puts it’s emphasis on direct action instead of education. In that sense, the GPF and the PLC will be complementary.

The PLF doesn’t have fixed rules yet, they’re still to be defined. The PLF will be a non-profit organisation.

Contact: Contact me using the contact-form in this blog. You may encrypt the message using the PGP-key 0x90DEE171.

Well. I was expecting this. You know, there are people taking civil responsibility, running a Tor-node and all they get is nastygrams, kicked-down doors and ultimately, lawsuits.

So, what happened: There’s this German guy, a Tor-operator. In June the police send him a letter telling him that he’s accused of computer fraud combined with unlawful modification of evidences. He’s a law-abiding citizen nothing guilty of, just using his civil rights and quite fed up with all those silly accusations, so he followed Udo’s golden rule #1: “You have the right to remain silent“.

Months later he got a letter from a court order about a penalty order, telling him that he’s guilty on all counts.

He describes it in his own words:

In early September I received a penalty order ("Strafbefehl") - from thecourt. A judge found me guilty of having ordered a gift voucher (value: 51EUR) on amazon.de, providing address details of a living person (but notmyself obviously), and using a Web.de email address registered specificallyfor this purpose. I was sentenced to pay a fine of 500 EUR.

He appealed and the whole case finally went to court, having the hearing today. What happened then is beyond all reason:

[…] the penalty order listed four witnesses (the person whose addressdetails had been used, a police officer in a cow town near that person'shome hometown, a local police officer, and an employee of amazon.de)

However, the trial listed no witnesses at all. That guy was a laymen-judge (lay assessor) himself, so he though that this trial is based on a very weak basis and didn’t bother about it to much. Then all hell broke lose.

The judge and the lawyer of the state realized quite quick that he was not the one who committed the fraud, but instead of dismissing the case entirely they started to construct accusations like “supporting a crime” – which is utter bullshit. The accusation of “supporting a crime” in Germany definitively states that you need to support actively a certain crime – and only especially that you’re accused of. There ain’t nothing like a “general support crime”, as the judge thought. This is just another stunt!

The judge really thought “someone needs to be punished, but we can’t accept you to help anyone else to comit a crime”:

The judge as well as the public prosecutorrefused to accept that I didn't do anything criminal, that I didn't andstill don't want to help anyone committing a crime.

Oh Lord. Where have we gone!?

Even worse. The whole lawsuit was so frightening and cumbersome to the Tor-guy that he decided to dismiss the lawsuit according to §153 StPO. That means that the accusations are dismissed because there’s no public interest in the case. But yet, that doesn’t mean that he wasn’t found NOT GUILTY!

Why did he do this? Because he didn’t want to pay for a lawyer, as I do – but I can afford it:

They offered me to dismiss the actual court trial according to paragraph 153StPO which is not the same as an acquittal (no "Freispruch") which Ieventually accepted. It means, however, that I won't have to pay for thetrial. They also repeatedly said that this time I got off with just a slapon the wrist - next time it wouldn't be that cheap.

It’s all a big mess. Judges and lawyers have no bloody clue what Tor is about. They ignore the fact that Tor is a legal tool in a civil society and that Tor-operators aren’t responsible for the actions of their users. Heck, no one ever sued Pan Am to let the Lockerbie-bombers on board, and no one ever sued the German Postal Service for transporting letter-bombs: Yet German courts think that operators of anomymizing services are responsible for the actions of the users.

Brave new new world. Where have we gone? Our elected leaders ratify laws which are stupid. The judiciary is as dumb as a piece of stale bread. Take me out of here.